Live Nation subsidiary Ticketmaster hit by data breach, details on dark web

Entertainment company Live Nation announced a security breach at its subsidiary, Ticketmaster. The incident occurred on May 20 at 10:00 AM Eastern Time, and a cybercriminal subsequently offered user data for sale on the dark web.

TechCrunch reported that Live Nation notified the appropriate regulatory bodies more than a week after the incident occurred.

Live Nation detected the breach when unauthorized activity was observed in a database managed by an external cloud provider. Although the company did not disclose the identity of this provider, a Ticketmaster spokesperson confirmed the database was on Snowflake's servers, a company specializing in data storage and analysis.

Snowflake reported that the attack potentially affected a limited number of customers but did not provide specific details. Snowflake spokesperson declined to comment on the Ticketmaster breach. Similarly, Live Nation and Ticketmaster representatives have not issued public statements regarding the incident.

The administrator of the popular cybercrime forum BreachForums claims to possess data of 560 million customers, including Ticketmaster users' information, such as ticket sales details and payment card data. TechCrunch verified some of this data, confirming its authenticity by checking email addresses.

In May, the Department of Justice and 30 attorneys general filed a lawsuit against Live Nation, accusing the company of monopolistic practices.